Photo from Brett's Site http://brettduncan.wordpress.com/2007/08/17/blog-spam-crock-or-compliment/
Spam is a ever hated beast in this world. It is the prostitution of all that is good on the internet. Worse than a cockroach and sticks more than a garbage dump. Just like anything evil in this world, the more you try to kill it the stronger it rebounds. Fear not though, there are way to get around many of our spam problems.
For e-mail, there are solutions like Gmail with built in social-spam-detection, as I call it, Bogofilter, Spam Assassin, Razor and many more for e-mail. For Word Press blogs we have the almighty collaborative spam detection plugin: Akismet.
Blog’s have been riddled with spam from all sorts since the beginning and I highly doubt that we will see an end to it anytime soon, but we can fight it. Akisment currently stands at the #1 WordPress commend spam solution. It is free for personal use. Free as in beer, and just as tasty. If you run a WP blog, you will almost certainly need Akismet unless you want a spam LolZ cat “inside youz Blog, spammin joo commentz”.Though, lately things have been changing it seems.
Spammers aren’t dumb, they spam for a reason. It profits them in one way or another, thus they keep doing it. Or they simply way to disrupt systems, annoy the crap out of people or get revenge … who knows. So, why I am I already telling you something you already know? Because ‘they’ are changing tactics, and they are doing it fast.
A little while ago I recieved a comment from a “Andrew Boldman” who seemed like a nice person. Let me a rather nice comment saying “I really liked this post. Can I copy it to my site? Thank you in advance.” Honestly, I was estatic that someone commented and wanted to use some of my content. I threw a ceromony, threw a party and almost made a press release. And then another comment soon after from “Kelly Brown” saying how much she “really like[d] [my] post”. By the Gods! I have commenters. I was on my way to success … or so I thought.
Soon I received another comment, and then another. And I began to ask … huh, why all of a sudden? As I looked over the comments I noticed something strange, all of the e-mail addressed ended with “ds4ns1ns2.cn”. Well that’s a little bit strange, maybe a firewalled area where they all have to send out using one service? Seems just a teebit odd. I checked the IP … all from the same IP: 89.28.14.35.
And that’s when I knew it … it was spam. All these nice comments and spam. So, where is this comming from and why? Several ideas flow around but one rather good theory goes like this, as stated well by Mark Brain on the Warrior Forum. He said:
It’s possible that they are testing sites which will accept spam or those without moderators to control the spam. After that they will have a list of the sites that are “spam havens” then begin posting the actual links.
A simple google search for “ds4ns1ns2.cn” reveals a plethora of spam details about this. The first page results are loaded with spam complains and details from these people:
Spam spam spam. Checking the first website will give you a list of e-mails which originate from that one IP, and mind you it is no short list.
So what does this kind of spam mean to us? It means we should be locking down our blogs. See, this spam is basically a test to see which blogs they can use to spam in the future. If they find a blog which allows unmoderated comments they will quickly jump on it to and use it as a spam source. Since many bloggers do not secure their blogs enough, this gives the spammers an easy way drive automated traffic to their other spam services. Who knows, maybe these open blogs can even be hijacked to be used for even more spamming.
Also from the Warrior forum:
There’s also a setting many of us use on WP blogs to moderate the FIRST comment from a particular user. Once the first comment is approved, they can post without moderation.
So if you leave an innocuous comment on a recent post, and it’s approved, you can comment-spam the hell out of the older posts without anyone noticing. Who reads the comments on last year’s blog posts?
He’s right. In blogs like that, no one is going to care but the spammers. And they are free loading off of your hard work and might even be damaging it. Heck, there is even a WordPress Support topic about this issue here.
My theory on all of this is that this is a form a social engineering. The spammers are using ‘nice’ comments which entice bloggers to allow them. Now, not only do they find out how linient bloggers are but also which kind of messages work and don’t work on people. This will allow them to craft more and more “natural” spam that might just get through our systems soon enough. Ontop of all of this, once you approve a comment from them most WP blogs are set to allow any comments from that same person / IP again freely.
Once they have one comment approved they might just have free comment access on your blog. The other thing they find out is if your blog is ‘open’. Meaning if you don’t moderate your comments at all, you are SOL and you’r blog will probably be a ‘spam haven’ very soon.
All this data they collect, in addition to any people’s e-mail whom might have replied directly to the spammes plus God knows what else, can easily be mined for all sorts of useful tibits. By ‘mined’ I mean data mined, extracting information/knowledge from given data. Remeber tha AOL info leak a while back and how people drank up all of it? They extracted a lot of data from that, much of which was NOT apparent at first. Same thing could happen here.
So, how do we help stop spam like this:
- Get Akismet
- USE Akisment (really, it works and it’s free … as in beer)
- Force users to enter name and e-mail before commenting
- Enable “Comment Moderation” for all comments.
- If a comment looks ‘ok’ but you’re not sure search for it on the internet to see if anything comes up.
- You can be really paranoid and delete any ‘short’ comments that come your way.
- Do NOT give the spammers any satisfaction by replying to them via e-mail or comments.
- Inform any blogger you know who’s blog isn’t secure.
If anyone has any extra comments on how to stop and fight these spammers let us know in the comments. To arms!
What are your thoughts about this? Let me know in the comments below!
Incoming search terms:
- hello craft cn
Related posts:
{ 7 comments… read them below or add one }
Hi Piotr
I frequently encounter this spammer in my blog. Even though at first I think they are not spammers, I already thought that there’s something fishy going on. It’s like, why would anyone leave Google.com as their website.
At first, I don’t label it as spam, but I don’t approve it either. I just delete then.
I’m glad I found this post. Now I know I should label them as spam. Thanks!
Glad I have helped. These guys really are starting to bug me.
Though, one thing I have found is that the site they provide when posting a comment is not an issue for spam/not-spam detection. I say this because let us say that you and I are sitting at a cafe drinking our favorite lattes, and we find a great blog post about Topic XYZ. You and I will probably comment and leave our names and site information for several reasons. Two main reasons being, as far as I can see, is that a) we like to comment and let people know who we are (we’re only human, we like recognition
) and b) leaving our e-mails/sites lets us get a few extra links back. Someone could browse their site, see our useful comment and click to our site … who knows.
THOUGH, lets say someone like my grandmother is browsing the net and sees a blog about knitting and it finally explained something she’s wanted to know for decades … well, she’ll reply but she doesn’t have a site or e-mail at all. So what would she put for the site? She might just put http://www.google.com or yahoo.com simply because it’s a known site to her.
This is a question, in DM and IR (information retrieval) of validity and verification. Sure the data can be verified, we know google.com exists and is a legit site. But is the data valid to us? Probably not since we simply cannot assume that everyone who posts a comment will have their own website. Would be nice, alas it is not.
My only guess is that we could use the website (if it’s something like google.com) as a `plausible’ spam flag at best. Nothing more. It’s just to unreliable of a statistic to tell. How to get around this problem? We’ll have to ask the anti-spam experts, but they already have their hands full as anti-spam algorithms simply HAVE to get more sophisticated and mind-boggling. We have to use the whole message (or at least more than just the site) to tell if it’s spam or not.
Sadly, just the name, e-mail and website still really is not enough. Google is on the right track with collaborative detection, but that can only work ‘so’ far and on a large(er) scale.
Hey, nice post, really well written. You should post more about this.
I got a bunch of comment spam from those same email addresses. I’m using Akismet as well, which blocked all of those comments from actually appearing on my site. I was nevertheless curious about this (why the “nice” comments??), so I searched around and found your post. The theory you mention from the Warrior Forum makes sense to me as well — they’re casting around for web sites that will approve their comments, so that they can later spam these sites. Anyhow, I figured I’d leave a comment for you to let you know that your post was helpful — so you can throw your party and issue your press release
Thanks for the comment.
The theory is rather sound I think. The only thing that is left to do is reverse data-mine them. I want to find out if they are targeting ALL blogs, only blogs that list to certain sites, blogs under certain categories? Who knows. If I manage to get this data back I’ll let everyone known. Hopefully someone has already started this work, or maybe not. Don’t know. Hope the general internet population can help me with this one.
Great article – I too was spammed by this person and I can related to the party you had in your mind. Boy was mine grand
. However I though something odd about the comment, although it was nice, it really didn’t relate to the article.
I then checked my spam and saw that same IP address had left many other comments – that’s when I began my search on the web and found your post.
They hit me more then once and the last couple of times they left tons of spam, thank the great anti-spam blog gods for Akismet.
And thank you for a great and very informative post. Wow – you can party for real now
Isn’t website an optional field in WordPress’ comment form? If people doesn’t have any website, they can just leave it blank.